---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: application-sa
---
kind: Service
apiVersion: v1
metadata:
  name: openresty
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    k8s-app: openresty

---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: openresty
  labels:
    k8s-app: openresty
  annotations:
    reloader.stakater.com/auto: "true"
    configmap.reloader.stakater.com/reload: "openresty"
spec:
  replicas: 2
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      k8s-app: openresty
  template:
    metadata:
      labels:
        k8s-app: openresty
    spec:
      #### Добавлен для работы vault
      serviceAccountName: application-sa
      initContainers:
        - name: prepare
          image: busybox:1.34.1
          imagePullPolicy: "IfNotPresent"
          command:
            - sh
            - -c
            - |
              sed -e "s/\$APPLICATION_FROM_VAULT/$(cat /mnt/secrets-store/application)/" \
                  -e "s/\$USER_FROM_VAULT/$(cat /mnt/secrets-store/user)/" \
                  -e "s/\$PASSWORD_FROM_VAULT/$(cat /mnt/secrets-store/password)/" \
                  /mnt-template/index.html > /mnt/index.html
              echo "Done"
          volumeMounts:
            - name: secrets-store-inline
              mountPath: "/mnt/secrets-store"
              readOnly: true
            - name: config
              mountPath: "/mnt"
            - name: config-template
              mountPath: "/mnt-template"
      containers:
        - name: openresty
          image: openresty/openresty:centos-rpm
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
              name: http
          readinessProbe:
            httpGet:
              path: /index.html
              port: http
            initialDelaySeconds: 5
            periodSeconds: 15
          livenessProbe:
            httpGet:
              path: /index.html
              port: http
            initialDelaySeconds: 5
            periodSeconds: 15
            timeoutSeconds: 5
          resources:
            limits:
              cpu: "0.2"
              memory: "400Mi"
            requests:
              cpu: "0.1"
              memory: "200Mi"
          volumeMounts:
            - name: config
              mountPath: /usr/local/openresty/nginx/html/
      volumes:
        - name: config-template
          configMap:
            name: openresty
        - name: config
          emptyDir:
            medium: Memory
        - name: secrets-store-inline
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              secretProviderClass: "vault-application"
